venerdì 10 agosto 2012

This guide is based on various community forum posts and webpages. Special thanks to all. All comments and improvements are very welcome as this is purely a personal experimental project at this point and must be considered a work in progress.

This guide is intended as a relatively easy step by step guide to:

Harden the security on an Ubuntu 12.04 LTS server by installing and configuring the following:

10.Protect from DDOS (Denial of Service) attacks - ModEvasive

11. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban.

DenyHosts is a python program that automatically blocks SSH attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins.

Open a Terminal and enter the following :

sudo apt-get install denyhosts

After installation edit the configuration file /etc/denyhosts.conf and change the email, and other settings as required.

When done with the configuration of Fail2Ban restart the service with :

sudo /etc/init.d/fail2ban restart

You can also check the status with.

sudo fail2ban-client status

12. Intrusion Detection - PSAD.

Cipherdyne PSAD is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic.

Currently version 2.1 causes errors during install on Ubuntu 12.04, but apparently does work. Version 2.2 resolves these issues but is not yet available on the Ubuntu software repositories. It is recommended to manually compile and install version 2.2 from the source files available on theCiperdyne website.

14.Scan open ports - Nmap.

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.

Open a Terminal and enter the following :

sudo apt-get install nmap

Scan your system for open ports with :

nmap -v -sT localhost

SYN scanning with the following :

sudo nmap -v -sS localhost

15.Analyse system LOG files - LogWatch.

Logwatch is a customizable log analysis system. Logwatch parses through your system's logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems.

Open a Terminal and enter the following :

sudo apt-get install logwatch libdate-manip-perl

To view logwatch output use less :

sudo logwatch | less

To email a logwatch report for the past 7 days to an email address, enter the following and replace mail@domain.com with the required email. :

16. SELinux - Apparmor.

National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof.